Abstract:

Develop a system that can reliably and efficiently correlate and merge the results of open-source and commercial automated static and dynamic
security scanning technologies, using common data structure standards for both automated static and dynamic security scanning results, and building
methods of matching the results of automated static and dynamic tools. The goal of Phase II will be to deliver a fully functional product that can
correlate and merge the results of four (4) open-source and commercial automated static and four (4) dynamic security scans of web applications.
Commercialization plans involve integrating Hybrid Analysis Mapping with Denim Group's existing ThreadFix product: a software vulnerability
aggregation and management system that helps organizations aggregate vulnerability data, generate virtual patches, and integrate with software defect
tracking systems. ThreadFix is currently commercialized using a common and tested "open source" business model where the base technology is made available
for free under an open source software license. This will increase the adoption of the technology by allowing any organization access to the software
without requiring licensing fees. However, organizations that require commercial support for their customized use of the technology can purchase
support contracts. In addition, organizations that wish to customize or extend the functionality of the technology will be required to pay for access to
these services. Phase II plans include making the technology available under a cloud "software as a service" (SaaS) model, removing the requirement for
organizations to configure, install and maintain their own systems.